Malicious PDF — malware analysis report

Static analysis result for SHA-256 c8b76b4752766b1a…

Verdict: MALICIOUS
File type: PDF
File size: 1.0 KB
MD5: a24048fb538da100039ccc19b2b5a8e9
SHA-1: 4aca233e63e790e30b5763c52fba35720b96e589
SHA-256: c8b76b4752766b1afd3a5443cdfe53e9dbfe8c7fcc15f93fbb71efea4f1a580b
Risk Score: 74

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File: Malicious JavaScript

The PDF contains embedded JavaScript and utilizes ASCIIHexDecode and ASCII85Decode filters, which are common indicators of obfuscation and potential exploit delivery within PDF documents. The ML classifier strongly flagged this PDF as malicious, indicating a high likelihood of exploit execution. No specific IOCs like URLs or hashes were extracted, but the presence of JavaScript points to an attack pattern involving script execution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (4)

  • ASCIIHexDecode filter (with exploit indicators) [medium, PDF_FILTER_HEX]
    Hex-encoding filter present alongside exploit delivery indicators; often used to hide payload or shellcode bytes.
  • JavaScript action [low, PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low, PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • ASCII85Decode filter (with exploit indicators) [low, PDF_FILTER_85]
    ASCII85 encoding filter present alongside exploit delivery indicators; uncommon outside of obfuscation.